Linux

Command
Add new user
check memory and restart service when less than X gb.
change ownership
Curl
nginx basic ssl config
NPT
linux permission
basic config php system
supervisord
traceroute mtr mytraceroute
wkhtmltopdf
Ubuntu Setup

Command

Add new user

useradd <username>

passwd <username>

Enter password

check memory and restart service when less than X gb.

bash
#!/bin/bash

# Get the available memory in KB
free_mem_kb=$(free -k | grep Mem | awk '{print $4}')

# Convert to GB (divide by 1024^2)
# without bc
free_mem_gb=$((free_mem_kb / 1024 / 1024))
# with bc
# free_mem_gb=$(echo "scale=2; $free_mem_kb / (1024 * 1024)" | bc)

# Threshold for memory in GB
threshold=2

# Check if free memory is less than the threshold
# without bc
if [ "$free_mem_gb" -lt "$threshold" ]; then
# with bc
# if (( $(echo "$free_mem_gb < $threshold" | bc -l) )); then
echo "Free memory is less than 2GB ($free_mem_gb GB). Restarting Apache..."
# restart some service here
# sudo systemctl restart apache2
else
echo "Free memory is sufficient: $free_mem_gb GB."
fi

change ownership

basic

chown <user>:<group> <option> <path>

chown www-data:wheel -R /var/www/html/project_name

-R = recursive

change own from one of the user or group only

chown -R --from=root nginx /var/www/html/cms

chown -R --from=:root :nginx /var/www/html/cms

Curl

simple curl GET

``sh
curl "https://api.onesignal.com"
``

simple curl POST

``sh
curl -X "POST" "https://api.onesignal.com"
``

curl with json request and header

``sh
curl -X "POST" "https://iems.kpdn.gov.my/oauth/token" \
-H 'Content-Type: application/json; charset=utf-8' \
-d $'{
"client_id": "3",
"scope": "ecoss",
"client_secret": "v3v0kqaUPYkxO7tl3FprWcbD3pzyk7EgvnEBzLmk",
"grant_type": "client_credentials"
}'``

curl with full url

``sh
curl "https://familyhub.lppkn.gov.my/index.php/epms_api/LPPKNReportGateway?token=HEgAtuOHunGqmiMEVDUMjhTAYJRxyM&laporan=1004&tahun=2023&sukuan=1"
``
curl with hidden method (laravel)
``sh
curl -X "POST" "http://10.29.59.97/gps/gpss/50/budgets"
-d $'{
"_method": "PATCH",
"test": "somthing"
}'
``

curl with auth token in header

``sh
curl -X "POST" "http://10.29.59.97/gps/gpss/50/budgets" -H "Content-Type: application/x-www-form-urlencoded" -d "_method=PATCH&token=bgl2TOaY5IdSQRHQDEPKvZd1Y79N66fFNOaV4E9P"
``

nginx basic ssl config

```
server {
listen 80 default_server;
listen [::]:80 default_server;

location / {
return 301 https://$host$request_uri;
}
}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;

ssl_certificate /path/to/signed_cert_plus_intermediates;
ssl_certificate_key /path/to/private_key;
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;

# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;

# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
ssl_dhparam /path/to/dhparam;

# intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
ssl_prefer_server_ciphers off;

# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
}
```

NPT

# Centos 7

```install: yum install ntp -y```

``vi /etc/ntp.conf``

``server 192.168.1.100 iburst``

``systemctl restart ntp``

``check ntp: ntpq -p``

# Centos 8

``install: dnf install chrony``

``vi /etc/chrony.conf``

``server 192.168.1.100 iburst``

``systemctl enable chronyd``

``systemctl restart chronyd``

``check ntp: chronyc sources``

linux permission

# chown

``chown user directory``

> chown ali /var/www/html/project/index.php
> chown ali /var/www/html/project

- this will assign user of the target directory or file to ali.

``chown -R user directory``

- this will assign user of target directory and all its child to ali.

``chown :group directory``

> chown :wheel /var/www/html/project

- this will assign group of target directory to wheel
- difference between user and group is :

``chown user:group directory``

> chown ali:wheel /var/www/html/project

- this will assign user of target directory to ali and group of target directory to wheel

``chown -R --from=root nginx /var/www/html/project``

- change target directory and its child that have current user as root to nginx

``chown -R --from=:root :wheel /var/www/html/project``

- change target directory and its child that have current group as root to wheel

basic config php system

## ssh

ssh -l root 159.223.43.172

sudo dnf update -y

## php

dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
rpm -qa | grep epel
dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm
rpm -qa | grep remi
dnf module list php
dnf module enable php:remi-7.4

dnf install php php-fpm php-opcache php-gd php-curl php-mysqlnd php-mbstring php-dom zip unzip php-zip php-json php-pdo php-pdo_mysql

## mysql

dnf install mysql-server
systemctl start mysqld | mysqld.service
systemctl status mysqld
systemctl enable mysqld
mysql -u root -p
mysql_secure_installation // jika mahu ke live, maka run ini untuk pastikan setting mysql adalah betul
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password'; // jika php adalah php >7.3 + mysql 8

QvsfjYR@9pJs@T8oMCy23fwYyQ-.snmviq_!*24p.JC7YERFUsfx_.mQaN.tJGnM

## nginx

dnf install nginx
mv /etc/nginx/default.d/php.conf /etc/nginx/default.d/php.conf.disabled
vi /etc/nginx/conf.d/ekjp.conf

~~~
server {
listen 80;
server_name 10.21.1.86;
root /var/www/html/hlp/public;
index index.php;

charset utf-8;
gzip on;
gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
location / {
try_files $uri $uri/ /index.php?$query_string;
}

location ~ \.php {
# include fastcgi.conf;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php-fpm/www.sock;

fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 16k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}

~~~

nginx -t
systemctl start nginx
systemctl status nginx
systemctl enable nginx

## git

dnf install git

## composer

php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php -r "if (hash_file('sha384', 'composer-setup.php') === '756890a4488ce9024fc62c56153228907f1545c228516cbf63f885e036d37e9a59d27d63f46af1d4d07ee0f76181c7d3') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
php composer-setup.php
php -r "unlink('composer-setup.php');"
mv composer.phar /usr/local/bin/composer
composer

## firewall

dnf install firewalld
systemctl enable firewalld
systemctl start firewalld
firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --zone=public --permanent --add-service=https
firewall-cmd --reload
firewall-cmd --permanent --list-all

## setting

cd /var/www/html
git clone https://gitlab.com/tmukmkd/jtm-ekjp-laravel-training.git ekjp
cd ekjp
composer update

vi /etc/php-fpm.d/www.conf
tukar apache kepada nginx
-- tukar nobody kepada nginx

update .env

chown -R nginx:nginx /var/www/html/sago-beta/storage/
chown -R nginx:nginx /var/www/html/sago-beta/bootstrap/cache/
chmod -R 0777 /var/www/html/sago-beta/storage/
chmod -R 0775 /var/www/html/sago-beta/bootstrap/cache/

semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/sago-beta/storage(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/sago-beta/bootstrap/cache(/.*)?'
restorecon -Rv '/var/www/html/sago-beta'

mv /etc/nginx/default.d/php.conf /etc/nginx/default.d/php.conf.disabled

systemctl restart php-fpm
systemctl restart nginx

## selinux
sudo setsebool -P httpd_can_network_connect_db=1
setenforce 0

## letsencrypt

dnf install epel-release
dnf install certbot python3-certbot-nginx
certbot --nginx -d some.domain.name

## add user to group
usermod -a -G group_name user_name

supervisord

yum install supervisor

-- ubuntu

apt-get update -y
apt-get install supervisor -y
vi /etc/supervisor/supervisord.conf

```
[program:laravel-worker]
process_name=%(program_name)s_%(process_num)02d
command=php /home/forge/app.com/artisan queue:work sqs --sleep=3 --tries=3
autostart=true
autorestart=true
user=forge
numprocs=8
redirect_stderr=true
stdout_logfile=/home/forge/app.com/worker.log

systemctl start supervisord

sudo supervisorctl reread

sudo supervisorctl update

sudo supervisorctl start laravel-worker:*
```

===

ps -ef | grep supervisord

kill -s SIGTERM 2503

=== ekbaru setting

vi /etc/supervisord.d/supervisor.ini

```
[program:laravel-worker]
command=php /var/www/html/ekgbaru/artisan queue:work --tries=3 --sleep=3
process_name=%(program_name)s_%(process_num)02d
numprocs=8
; priority=99
autostart=true
stopasgroup=true
killasgroup=true
autorestart=true
; startsecs=1
; startretries=3
user=root
redirect_stderr=true
stdout_logfile=/var/www/html/supervisor.log
;stdout_logfile=/var/logs/supervisor.log
```

systemctl start supervisord

systemctl enable supervisord

systemctl status supervisord

traceroute mtr mytraceroute

## tracert

``tracert <url>``

``tracert pcdev.kpdn.gov.my``

## traceroute

// install

``apt instal traceroute``

// usage

``traceroute <url>``

``traceroute pcdev.kpdn.gov.my``

## mtr (mytraceroute)

``sudo mtr <url> -c <request count>``

``sudo mtr pcdev.kpdn.gov.my -c 1000``
``sudo mtr pricecatcher.kpdn.gov.my -c 100``
``sudo mtr myworkforce.perkeso.gov.my -c 10``

wkhtmltopdf

# Centos 8

```sh
wget https://downloads.wkhtmltopdf.org/0.12/0.12.5/wkhtmltox-0.12.5-1.centos8.x86_64.rpm

wget https://github.com/wkhtmltopdf/packaging/releases/download/0.12.6-1/wkhtmltox-0.12.6-1.centos8.x86_64.rpm

rpm -i wkhtmltox-0.12.6-1.centos8.x86_64.rpm
```

# Centos 7

## install

```
https://downloads.wkhtmltopdf.org/0.12/0.12.5/wkhtmltox-0.12.5-1.centos7.x86_64.rpm

https://github.com/wkhtmltopdf/packaging/releases/download/0.12.6-1/wkhtmltox-0.12.6-1.centos7.x86_64.rpm

yum install -y libpng libjpeg openssl icu libX11 libXext libXrender xorg-x11-fonts-Type1 xorg-x11-fonts-75dpi
```

## spacedeal

``yum -y install wget``
`yum localinstall wkhtmltox-0.12.6-1.centos7.x86_64.rpm`
`wkhtmltopdf --version`

# rhel 9

```

wget https://github.com/wkhtmltopdf/packaging/releases/download/0.12.6.1-2/wkhtmltox-0.12.6.1-2.almalinux9.x86_64.rpm

rpm -i wkhtmltox-0.12.6.1-2.almalinux9.x86_64.rpm
```

# Ubuntu

`sudo apt-get install wkhtmltopdf`

`sudo ln -s /usr/bin/wkhtmltopdf /usr/local/bin/wkhtmltopdf`

If prompt reboot service just click OK. Use TAB or arrow to navigate.

known issues in Ubuntu

`https://packagist.org/packages/h4cc/wkhtmltopdf-amd64`

`php composer.phar require h4cc/wkhtmltopdf-amd64 "0.12.4"`

`$path = \h4cc\WKHTMLToPDF\WKHTMLToPDF::PATH;` in .env

Ubuntu Setup

install mysql-server
create user 'hub'@'localhost' IDENTIFIED BY 'The-Best-WAY-2024';
create user 'hub'@'localhost' IDENTIFIED BY 'The-Best-PROD-2024';
grant all privileges on *.* to 'hub'@'localhost';
FLUSH PRIVILEGES;

apt install ca-certificates apt-transport-https software-properties-common
add-apt-repository ppa:ondrej/php
apt update
apt install php8.3 php8.3-common php8.3-xml php8.3-intl php8.3-mysql php8.3-zip php8.3-curl

php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php composer-setup.php
php -r "unlink('composer-setup.php');"
mv composer.phar /usr/bin/composer <-- 2204 guna usr bin. 2004 guna usr local bin
composer install

php8.3-common
php8.3-mysql
php8.3-xml
php8.3-xmlrpc
php8.3-curl
php8.3-gd
php8.3-imagick
php8.3-cli
php8.3-mbstring
php8.3-opcache
php8.3-zip
php8.3-redis
php8.3-intl
php8.3-fpm
-y

-- nginx

server {
listen 80;
server_name server_domain_or_IP;
root /var/www/travellist/public;

add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";

index index.html index.htm index.php;

charset utf-8;

location / {
try_files $uri $uri/ /index.php?$query_string;
}

location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }

error_page 404 /index.php;

location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}

location ~ /\.(?!well-known).* {
deny all;
}
}

-- local git
[core]
repositoryformatversion = 0
filemode = true
bare = false
logallrefupdates = true
ignorecase = true
precomposeunicode = true
[remote "origin"]
url = git@gitlab.com:myopensoft/sprm-pesalah-rasuah.git
fetch = +refs/heads/*:refs/remotes/origin/*
[branch "main"]
".git/config" 13L, 315B
[core]
repositoryformatversion = 0
filemode = true
bare = false
logallrefupdates = true
ignorecase = true
precomposeunicode = true
[remote "origin"]
url = git@gitlab.com:myopensoft/sprm-pesalah-rasuah.git
fetch = +refs/heads/*:refs/remotes/origin/*
[branch "main"]
remote = origin
merge = refs/heads/main
~